23 matches found

RedhatCVE
added 2026/05/26 8:15 p.m. · 7 views

CVE-2026-9445

A flaw has been found in SourceCodester Simple POS and Inventory System 1.0. Impacted is an unknown function of the file /admin/addproduct.php of the component File Extension Handler. This manipulation of the argument image causes unrestricted upload. Remote exploitation of the attack is possible...

CVSS 6.5 · AI score 6.2 · EPSS 0.0004
Exploits: 0 · References: 1

Cvelist
added 2026/05/02 6:15 a.m. · 25 views

CVE-2026-7605 JeecgBoot uploadImgByHttpEndpoint CommonController.java HttpFileToMultipartFileUtil.downloadImageData server-side request forgery

A security flaw has been discovered in JeecgBoot up to 3.9.1. This vulnerability affects the function CommonController.uploadImgByHttp/HttpFileToMultipartFileUtil.httpFileToMultipartFile/HttpFileToMultipartFileUtil.downloadImageData of the file CommonController.java of the component...

CVSS 6.5 · EPSS 0.00048
Exploits: 0 · References: 6

ATTACKERKB
added 2026/05/02 6:15 a.m. · 2 views

CVE-2026-7605

A security flaw has been discovered in JeecgBoot up to 3.9.1. This vulnerability affects the function CommonController.uploadImgByHttp/HttpFileToMultipartFileUtil.httpFileToMultipartFile/HttpFileToMultipartFileUtil.downloadImageData of the file CommonController.java of the component...

CVSS 6.5 · AI score 6.3 · EPSS 0.00048
Exploits: 0 · References: 6

CVE
added 2026/03/26 12:00 a.m. · 5 views

CVE-2026-29905

Kirby CMS up to version 5.1.4 is affected. An authenticated user with Editor permissions can trigger a persistent Denial of Service by uploading a malformed image. The issue stems from inadequate validation of the return value of PHP getimagesize() during processing for metadata or thumbnail gene...

CVSS 6.5 · AI score 5.8 · EPSS 0.00018
Exploits: 1 · References: 3 · Affected Software: 1

Vulnrichment
added 2026/01/06 11:32 p.m. · 2 views

CVE-2026-0643 projectworlds House Rental and Property Listing Signup register.php unrestricted upload

A flaw has been found in projectworlds House Rental and Property Listing 1.0. Impacted is an unknown function of the file /app/register.php?action=reg of the component Signup. This manipulation of the argument image causes unrestricted upload. Remote exploitation of the attack is possible. The...

CVSS 7.5 · AI score 6.2 · EPSS 0.00081
Exploits: 1 · References: 4

OSV
added 2026/01/01 10:15 p.m. · 1 views

CVE-2025-15415

A vulnerability has been found in xnx3 wangmarket up to 6.4. The impacted element is the function uploadImage of the file /sits/uploadImage.do of the component XML File Handler. The manipulation of the argument image leads to unrestricted upload. Remote exploitation of the attack is possible. The...

CVSS 5.4 · AI score 6.7
Exploits: 0 · References: 4

RedhatCVE
added 2025/12/15 3:17 a.m. · 1 views

CVE-2025-14642

A vulnerability has been found in code-projects Computer Laboratory System 1.0. Impacted is an unknown function of the file technicalstaffpic.php. Such manipulation of the argument image leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the publi...

CVSS 7.2 · AI score 6.7 · EPSS 0.00049
Exploits: 1 · References: 1

RedhatCVE
added 2025/12/12 6:12 p.m. · 1 views

CVE-2025-14530

A vulnerability has been found in SourceCodester Real Estate Property Listing App 1.0. The impacted element is an unknown function of the file /admin/property.php. Such manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has...

CVSS 7.2 · AI score 6.8 · EPSS 0.00049
Exploits: 1 · References: 1

CVE
added 2025/11/14 9:02 p.m. · 5 views

CVE-2025-13185

The CVE-2025-13185 entry concerns Bdtask/CodeCanyon News365 (up to version 7.0.3). A flaw in /admin/dashboard/profile allows manipulation of profile_image/banner_image arguments, causing unrestricted file upload. This is a remote-exploit vector, with public PoC available. Multiple sources confirm...

CVSS 7.2 · AI score 6.3 · EPSS 0.00053
Exploits: 1 · References: 4 · Affected Software: 1

RedhatCVE
added 2025/10/08 6:13 a.m. · 2 views

CVE-2025-11354

A flaw has been found in code-projects Online Hotel Reservation System 1.0. Affected is an unknown function of the file /admin/addslideexec.php. Executing manipulation of the argument image can lead to unrestricted upload. The attack may be performed from remote. The exploit has been published an...

CVSS 6.5 · AI score 6.3 · EPSS 0.00068
Exploits: 1 · References: 1

OSV
added 2025/10/07 6:15 a.m. · 0 views

CVE-2025-11354

A flaw has been found in code-projects Online Hotel Reservation System 1.0. Affected is an unknown function of the file /admin/addslideexec.php. Executing manipulation of the argument image can lead to unrestricted upload. The attack may be performed from remote. The exploit has been published an...

CVSS 9.8 · AI score 5.5
Exploits: 0 · References: 5

EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2018-8198

Malware in sbrugna...

CVSS 9.8 · AI score 9.5 · EPSS 0.00411
Exploits: 1 · References: 2

Positive Technologies
added 2025/09/15 12:00 a.m. · 1 views

PT-2025-37447

Name of the Vulnerable Software and Affected Versions: 1000projects Online Student Project Report Submission and Evaluation System version 1.0 Description: A vulnerability was determined in 1000projects Online Student Project Report Submission and Evaluation System 1.0. The affected element is an...

CVSS 9.8 · AI score 7.1 · EPSS 0.00116
Exploits: 1 · References: 11

Vulnrichment
added 2025/09/08 3:32 a.m. · 2 views

CVE-2025-10081 SourceCodester Pet Management System profile.php unrestricted upload

A flaw has been found in SourceCodester Pet Management System 1.0. This impacts an unknown function of the file /admin/profile.php. This manipulation of the argument websiteimage causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and may be...

CVSS 5.8 · AI score 6.2 · EPSS 0.00108
Exploits: 1 · References: 5

OSV
added 2025/07/12 11:15 a.m. · 1 views

CVE-2025-7470

A vulnerability was found in Campcodes Sales and Inventory System 1.0. It has been classified as critical. Affected is an unknown function of the file /pages/productadd.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The...

CVSS 9.8 · AI score 5.5
Exploits: 0 · References: 5

RedhatCVE
added 2025/05/22 10:10 p.m. · 4 views

CVE-2022-24837

HedgeDoc is an open-source, web-based, self-hosted, collaborative markdown editor. Images uploaded with HedgeDoc version 1.9.1 and later have an enumerable filename after the upload, resulting in potential information leakage of uploaded documents. This is especially relevant for private notes an...

CVSS 5.3 · AI score 6.6 · EPSS 0.00314
Exploits: 0 · References: 1

Positive Technologies
added 2024/10/26 12:00 a.m. · 1 views

PT-2024-7645 · WordPress · Ai Power: Complete Ai Pack

Name of the Vulnerable Software and Affected Versions: AI Power: Complete AI Pack plugin for WordPress versions 1.8.89 and earlier Description: The issue is related to arbitrary file uploads due to missing file type validation in the handle image upload function. This allows unauthenticated...

CVSS 10 · AI score 8.6 · EPSS 0.35907
Exploits: 0 · References: 20

Positive Technologies
added 2024/07/12 12:00 a.m. · 1 views

PT-2024-23788 · Bestwebsoft · The Quotes/Tips By Bestwebsoft Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: The Quotes and Tips by BestWebSoft WordPress plugin versions prior to 1.45 Description: The issue concerns the improper validation of image files uploaded by high privilege users, such as admins, allowing them to upload arbitrary files on the...

CVSS 4.9 · AI score 7.1 · EPSS 0.0019
Exploits: 1 · References: 6

Positive Technologies
added 2024/07/09 12:00 a.m. · 1 views

PT-2024-37535 · WordPress · Testimonials

Name of the Vulnerable Software and Affected Versions: IQ Testimonials plugin for WordPress versions up to, and including, 2.2.7 Description: The issue is related to insufficient file type validation in the process image upload function, allowing unauthenticated attackers to upload arbitrary file...

CVSS 9.8 · AI score 8.2 · EPSS 0.13294
Exploits: 0 · References: 7

CNNVD
added 2024/06/07 12:00 a.m. · 3 views

Bakery Online Ordering System Code Issue Vulnerability

Bakery Online Ordering System is a bakery online ordering system by janobe individual developer. A code issue vulnerability exists in Bakery Online Ordering System version 1.0, which stems from /admin/modules/product/controller.php containing an unknown function that causes unrestricted uploads v...

CVSS 9.8 · AI score 7.1 · EPSS 0.00141
Exploits: 1 · References: 5